Use the New-WebServicesVirtualDirectory cmdlet to create
an Exchange Web Services virtual directory on a server that’s
running Microsoft Exchange Server 2010 that has the Client Access
server role installed.

You can use this cmdlet to create multiple virtual directories.
However, you can create only one Exchange Web Services virtual
directory per Client Access server.

Detailed
Description

You can create multiple virtual directories by using
this cmdlet. However, you can only create one Exchange Web Services
virtual directory for each Web site.

You need to be assigned permissions before you can run
this cmdlet. Although all parameters for this cmdlet are listed in
this topic, you may not have access to some parameters if they're
not included in the permissions assigned to you. To see what
permissions you need, see the "Exchange Web Services virtual
directory settings" entry in the Client Access
Permissions topic.

Parameters

Parameter

Required

Type

Description

ApplicationRoot

Optional

System.String

The ApplicationRoot parameter sets the metabase path of
the virtual directory. By default, this path is the same as the Web
site in which the virtual directory is created.

AppPoolId

Optional

System.String

The AppPoolId parameter sets the pool of programs that
can be used with the virtual directory.

AppPoolIdForManagement

Optional

System.String

The AppPoolIdForManagement parameter specifies the pool
of programs that manages the virtual directory.

The Confirm switch causes the command to pause processing
and requires you to acknowledge what the command will do before
processing continues. You don't have to specify a value with the
Confirm switch.

DigestAuthentication

Optional

System.Boolean

The DigestAuthentication parameter specifies whether
Digest authentication is enabled on the virtual directory.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

The DomainController parameter specifies the fully
qualified domain name (FQDN) of the domain controller that writes
this configuration change to Active Directory.

ExtendedProtectionFlags

Optional

Microsoft.Exchange.Data.MultiValuedProperty

The ExtendedProtectionFlags parameter is used to
customize the options you use if you're using Extended Protection
for Authentication. The possible values are:

None Default setting.

Proxy Specifies that a proxy is
terminating the SSL channel. A Service Principal Name (SPN) must be
registered in the ExtendedProtectionSPNList parameter if
proxy mode is configured.

ProxyCoHosting Specifies that both HTTP
and HTTPS traffic may be accessing the Client Access server and
that a proxy is located between at least some of the clients and
the Client Access server.

AllowDotlessSPN Specifies whether you
want to support valid SPNs that aren't in the fully qualified
domain name (FQDN) format, for example ContosoMail. You specify
valid SPNs with the ExtendedProtectionSPNList parameter.
This option makes extended protection less secure because dotless
certificates aren't unique, so it isn't possible to ensure that the
client-to-proxy connection was established over a secure
channel.

NoServiceNameCheck Specifies that the
SPN list won't be checked to validate a channel binding token. This
option makes Extended Protection for Authentication less secure. We
generally don't recommend this setting.

ExtendedProtectionSPNList

Optional

Microsoft.Exchange.Data.MultiValuedProperty

The ExtendedProtectionSPNList parameter specifies a list
of valid Service Principal Names (SPNs) if you're using Extended
Protection for Authentication on the specified virtual
directory.

The possible values are:

Null This is the default value.

Single SPN or comma delimited list of valid
SPNs By default, you must specify the fully
qualified domain name (FQDN) (for example mail.contoso.com) for
each SPN. If you want to add an SPN that's not an FQDN (for
example, ContosoMail), you must also use the
ExtendedProtectionTokenChecking parameter with the
AllowDotlessSPN value. You specify the domain in SPN
format. The SPN format is
<protocol>/<FQDN>. For example, a valid
entry could be HTTP/mail.contoso.com.

The ExtendedProtectionTokenChecking parameter defines how
you want to use Extended Protection for Authentication on the
specified Exchange virtual directory. Extended Protection for
Authentication isn't enabled by default. The available settings
are:

None Extended Protection for
Authentication won't be used. Connections between the client and
Exchange won't use Extended Protection for Authentication on this
virtual directory. This is the default setting.

Allow Extended Protection for
Authentication will be used for connections between the client and
Exchange on this virtual directory if both the client and server
support Extended Protection for Authentication. Connections that
don't support Extended Protection for Authentication on the client
and server will work, but may not be as secure as a connection
using Extended Protection for Authentication.

Note:

If you have a proxy server between the client and the Client
Access server that's configured to terminate the client-to-proxy
SSL channel, you must also configure one or more Service Principal
Names (SPNs) by using the ExtendedProtectionSPNList
parameter.

Require Extended Protection for
Authentication will be used for all connections between clients and
Exchange servers for this virtual directory. If either the client
or server doesn't support Extended Protection for Authentication,
the connection between the client and server will fail. If you set
this option, you must also set a value for the
ExtendedProtectionSPNList parameter.

Note:

If you have a proxy server between the client and the Client
Access server that's configured to terminate the client-to-proxy
SSL channel, you must also configure one or more SPNs using the
parameter ExtendedProtectionSPNList.

The ExternalUrl parameter specifies the host name used to
connect to the Exchange server from outside the firewall. This
setting is also important when Secure Sockets Layer (SSL) is
used.

Force

Optional

System.Management.Automation.SwitchParameter

The Force parameter specifies whether to suppress the
warning or confirmation messages that appear during specific
configuration changes.

GzipLevel

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.GzipLevel

The GzipLevel parameter sets Gzip configuration
information for the Exchange Web Services virtual directory. This
parameter can be set to the following values:

Off This value results in no
compression.

Low This value results in static
compression only. Don't use this setting for Exchange Web Services
because Exchange Web Services content is dynamic. You'll get a
warning if you set the GzipLevel parameter to this value. If
you use this setting, it behaves the same as the Off
setting.

High This value results in static
and dynamic compression. Content from Exchange Web Services is
compressed if clients have indicated support for Gzip compression
in their requests.

Error This value identifies
errors in the Gzip compression configuration.

InternalNLBBypassUrl

Optional

System.Uri

The InternalNLBBypassUrl parameter specifies the URL of
the Client Access server, regardless of whether it's behind a
Network Load Balancing (NLB) array. Although the InternalUrl
parameter is set to the URL of the NLB array, the
InternalNLBBypassUrl parameter should always be set to the
URL of the Client Access server. This is because certain Exchange
Web Services calls require machine affinity, and Exchange Web
Services proxy incoming calls to a more appropriate Client Access
server whenever possible.

InternalUrl

Optional

System.Uri

The InternalUrl parameter specifies the host name of the
Exchange server for a connection from inside the firewall. This
setting is also important when SSL is used.

MRSProxyEnabled

Optional

System.Boolean

The MRSProxyEnabled parameter specifies whether to enable
MRSProxy for the Client Access server. MRSProxy is a service that
runs on Client Access servers in a remote forest and helps to proxy
a mailbox move. For more information about MRSProxy, see Understanding Move
Requests.

MRSProxyMaxConnections

Optional

Microsoft.Exchange.Data.Unlimited

The MRSProxyMaxConnections parameter specifies the
maximum number of simultaneous move sessions that an instance of
MRSProxy will accept. This setting accepts values from
0 to unlimited. The default value is
100. For more information about MRSProxy, see Understanding Move
Requests.

Path

Optional

System.String

The Path parameter sets the path of the virtual directory
in the metabase.

WebSiteName

Optional

System.String

The WebSiteName parameter specifies the name of the Web
site under which to create the virtual directory. This parameter
shouldn't be used when you're creating a virtual directory under
the default Web site.

WhatIf

Optional

System.Management.Automation.SwitchParameter

The WhatIf switch instructs the command to simulate the
actions that it would take on the object. By using the
WhatIf switch, you can view what changes would occur without
having to apply any of those changes. You don't have to specify a
value with the WhatIf switch.

The WSSecurityAuthentication parameter specifies whether
Web Services Security authentication is enabled on the Exchange Web
Services virtual directory. This parameter can be used with the
BasicAuthentication, DigestAuthentication, and
WindowsAuthentication parameters.

Input Types

To see the input types that this cmdlet accepts, see
Cmdlet Input and Output Types. If the Input
Type field for a cmdlet is blank, the cmdlet doesn’t accept input
data.

Return Types

To see the return types, which are also known as output
types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type
field is blank, the cmdlet doesn’t return data.

Examples

EXAMPLE
1

This example creates a virtual directory under the
non-default Web site www.contoso.com. It also sets the external URL
to https://www.contoso.com/webservices.aspx.